kea -- unexpected termination while handling a malformed packet

Details

VuXML ID

59e7eb28-b309-11e5-af83-80ee73b5dcf5

Discovery

2015-12-15

Entry

2016-01-04

Modified

2016-01-05

ISC Support reports:

ISC Kea may terminate unexpectedly (crash) while handling
a malformed client packet. Related defects in the kea-dhcp4
and kea-dhcp6 servers can cause the server to crash during
option processing if a client sends a malformed packet.
An attacker sending a crafted malformed packet can cause
an ISC Kea server providing DHCP services to IPv4 or IPv6
clients to exit unexpectedly.

The kea-dhcp4 server is vulnerable only in versions
0.9.2 and 1.0.0-beta, and furthermore only when logging
at debug level 40 or higher. Servers running kea-dhcp4
versions 0.9.1 or lower, and servers which are not
logging or are logging at debug level 39 or below are
not vulnerable.

The kea-dhcp6 server is vulnerable only in versions
0.9.2 and 1.0.0-beta, and furthermore only when
logging at debug level 45 or higher. Servers running
kea-dhcp6 versions 0.9.1 or lower, and servers
which are not logging or are logging at debug level 44
or below are not vulnerable.